S/MIME: Is it right for my organization?

20th Jul 2020

Keeping your email system secure

Finding an email security solution that prevents data breaches and keeps your system protected can be difficult. Most importantly, your organization needs security protocols that are reliable, easy to use and cost-effective – and ideally integrate seamlessly with your existing IT infrastructure.

One of the myriad systems available is S/MIME. S/MIME – Secure/Multipurpose Internet Mail Extensions – is a technology that allows organizations and individuals to encrypt their emails and provide a digital signature as proof of an email’s legitimacy.

How does S/MIME secure my organization’s email system?

S/MIME secures emails by using a set of mathematically related keys – a private key and a public key. When you send an email, it’s encrypted with your recipient’s public key, which means it can only be decrypted with their own private key. That way, unless your private keys are compromised, only your intended recipient can access the secure data in your emails.

In addition to encryption, S/MIME also gives you the option of providing a digital signature to your emails, verifying that the sender is legitimate. By using your private encryption key, all your emails can feature a digital signature proving that you are the sender.

Digitally signing an email provides message authentication, non-repudiation and data integrity. Put simply, these features allow your recipients to know that the email was sent by the person who claims to have sent it, and that the email is the same as the one the sender originally sent.

As phishing attacks become more sophisticated (and email use grows), the ability to digitally sign emails does increase security. However, simply signing your emails does not guarantee that your data is protected, especially when considering that the majority of data breaches now occur through misdirected email.

With modern ways of working (and a changing workplace due to Covid-19), it’s becoming clear that relying on S/MIME alone is no longer suitable for most organizations.

Why isn’t S/MIME always ideal for organizations?

S/MIME protection is better than having no protection, but that doesn’t mean it should be the only security system you consider.

While digital signatures do increase trust for email recipients, they don’t actually do anything towards securing the email. Additionally, users of webmail clients like Gmail may struggle since these services generally don’t provide native S/MIME certificate support. Indeed, it’s often not feasible since the certificate is required to be kept on the server, which rules out end-to-end encryption.

This means that frequently emailing contacts outside of your organization becomes a costly problem – both financially and in terms of the amount of time you’ll have to dedicate to ensuring this complex procedure operates smoothly. If you’re frequently dealing with external contractors, partners or clients, S/MIME will make communicating via email harder.

S/MIME encryption can also affect your organization’s standard email practices in other ways. Its end-to-end encryption means it’s much harder for your users to search through their email inbox, meaning that information could be lost. It also means senders are more likely to add email subject lines that might compromise sensitive data, to aid them with later retrieval.

You’ll also find that anti-virus scanning, DLP tools and archiving systems are affected by the way S/MIME works. Beyond being frustrating, this could result in costly data compromises that could lead to regulatory fines or breaches in data protection laws.
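The following is an added example, not code from Egress or from the original article, showing what a mail gateway or DLP scanner can and cannot see of an S/MIME message when it holds no private key. The sample messages are constructed and their base64 payloads are placeholders rather than real CMS data; the function name `classify` is an assumption.

```python
from email import message_from_bytes

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

# Constructed sample messages; the base64 payload is a placeholder, not real CMS data.
HEAD = b"From: alice@example.com\r\nTo: bob@example.com\r\nMIME-Version: 1.0\r\n"
ENCRYPTED = HEAD + (
    b"Subject: Q3 payroll figures for review\r\n"
    b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\r\n"
    b' name="smime.p7m"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"UExBQ0VIT0xERVI=\r\n"
)
CLEAR_SIGNED = HEAD + (
    b"Subject: Lunch on Friday\r\n"
    b"Content-Type: multipart/signed; micalg=sha-256; boundary=b1;\r\n"
    b' protocol="application/pkcs7-signature"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nSee you at noon.\r\n"
    b"--b1\r\nContent-Type: application/pkcs7-signature\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\nUExBQ0VIT0xERVI=\r\n--b1--\r\n"
)


def classify(raw: bytes) -> dict:
    """Report what a scanner without any private key can see of a message."""
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()
    smime_type = (msg.get_param("smime-type") or "").lower()
    protocol = (msg.get_param("protocol") or "").lower()
    signed_text = None
    if ctype in PKCS7_MIME and smime_type in ("enveloped-data", "authenveloped-data"):
        kind = "encrypted"      # body is ciphertext for the recipient's key only
    elif ctype in PKCS7_MIME and smime_type == "signed-data":
        kind = "opaque-signed"  # not encrypted, but wrapped in CMS; needs decoding
    elif (ctype == "multipart/signed" and msg.is_multipart()
          and protocol.endswith("pkcs7-signature")):
        kind = "clear-signed"   # first part is the content, second the signature
        signed_text = msg.get_payload(0).get_payload(decode=True).decode("utf-8", "replace")
    else:
        kind = "none"
    return {
        "kind": kind,
        "body_scannable": kind in ("clear-signed", "none"),
        "signed_text": signed_text,
        # Outer header fields are not covered by the S/MIME envelope.
        "subject_in_clear": msg["Subject"],
    }


if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("clear-signed", CLEAR_SIGNED)):
        print(name, classify(raw))
```

For the encrypted sample the body is opaque to the scanner while the subject line is still readable, which is why descriptive subjects on encrypted mail undo part of the protection.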

What are my organization’s other options?

For closed communities and simple networks without a lot of external communication, S/MIME may well be a satisfactory solution. However, for modern, dynamic enterprises and organizations with more complex requirements, it’s clear that it’s not suitable.

Thankfully, Egress Intelligent Email Security was specifically designed to resolve the issues presented by S/MIME. Instead of a complex and unintuitive user experience, Egress products integrate directly into Outlook, making them incredibly easy to use. Our software is used globally by major corporations and governmental bodies to secure email systems, preventing data breaches that would otherwise cost millions of dollars in damages.

Egress Protect email encryption software allows you to control encryption and protection settings, giving you more confidence in the security of your network. Anti-virus, advanced DLP and government-certified levels of encryption that you control make it easier for you to secure your email communications.

Egress Investigate also allows you to securely search and retrieve encrypted mail. Not only does this allow for more efficient, productive operations, but it also means you’ll be in compliance with government regulation such as the CCPA and international laws such as GDPR. This will mean you avoid financially punitive fines.

All in, Egress’ software offers increased security benefits compared to S/MIME with none of the user-experience drawbacks. Easier to use, less complex and with lower management costs, it’s a compelling alternative for the modern organization.